8891773

System and Method for Key Wrapping to Allow Secure Access to Media by Multiple Authorities with Modifiable Permissions

Published: November 18, 2014
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method for key wrapping via a storage system to allow secure access to media of the system by multiple authorities with modifiable permissions, the method comprising: establishing access to the system for a first administrator, wherein establishing access to the system for the first administrator includes: based on a first input received by the system, randomly generating a global administrator key; wrapping a first copy of the global administrator key with a first set of credentials associated with the first administrator to provide a wrapped first copy of the global administrator key; storing the wrapped first copy of the global administrator key in a drive of the system; randomly generating a plurality of range keys, the plurality of range keys being associated with ranges of logical block addresses of the drive; randomly generating a plurality of range key encrypting keys, the plurality of range encrypting keys corresponding to the plurality of range keys; wrapping first copies of the plurality of range keys with first copies of the plurality of range key encrypting keys and storing the wrapped first copies of the plurality of range keys on the drive; and wrapping second copies of the plurality of range key encrypting keys with a second copy of the global administrator key and storing the wrapped second copies of the plurality of range key encrypting keys on the drive; establishing access to the system for a non-administrator user, including: randomly generating a user key, wrapping a first copy of the user key with the first copy of the global administrator key and storing the wrapped first copy of the user key on the drive; wrapping a second copy of the user key with a first set of credentials associated with the user and storing the wrapped second copy of the user key on the drive; and wrapping a third copy of the user key with a subset of the first copies of the range key encrypting keys; and granting user permissions by the first administrator to the user for a user-requested range of the drive, including: unwrapping the first copy of the global administrator key via the first set of credentials associated with the first administrator; accessing a selected range key encrypting key included in the plurality of first copies of range key encrypting keys via the first copy of the global administrator key, the selected range key encrypting key being associated with the user-requested range of the drive; unwrapping the wrapped first copy of the user key, via the first copy of the global administrator key; wrapping the selected range key encrypting key with a fourth copy of the user key and storing the wrapped selected range key encrypting key on the drive.

Plain English Translation

A method for secure data access uses key wrapping within a storage system to control access by multiple administrators and users with customizable permissions. An administrator logs in, generating a global admin key. This key is wrapped (encrypted) with the administrator's credentials and stored. Range keys are randomly generated for different data blocks. These range keys are then wrapped with randomly generated range key encrypting keys, and both are stored on the drive. The range key encrypting keys are also wrapped with the global admin key. A user logs in, generating a user key, wrapped with the global admin key and stored. It is also wrapped with the user's credentials and a subset of the range key encrypting keys. When the admin grants the user access to a data range, the global admin key is unwrapped using the admin's credentials. The appropriate range key encrypting key (corresponding to the data range) is accessed, the user key is unwrapped using the global admin key, and the range key encrypting key is wrapped with the user key.

Claim 2

Original Legal Text

2. The method as claimed in claim 1, further comprising: establishing access to the system for a second administrator, wherein establishing access to the system for the second administrator includes: based on a second input received by the system, unwrapping the wrapped first copy of the global administrator key and the wrapped first copies of the plurality of range keys, via the first set of credentials associated with the first administrator, to recover the first copy of the global administrator key and the first copies of the plurality of range key encrypting keys; wrapping a third copy of the global administrator key with a first set of credentials associated with the second administrator and storing the wrapped third copy of the global administrator key on the drive; wrapping third copies of the plurality of range key encrypting keys with a fourth copy of the global administrator key and storing the wrapped third copies of the plurality of range key encrypting keys on the drive, wherein the first administrator is actively authenticated on the system during the step of establishing access to the system for the second administrator.

Plain English Translation

The method of claim 1 is extended to include a second administrator. The first admin, logged in and authenticated, unwraps the wrapped global admin key and range key encrypting keys using their credentials. A third copy of the global admin key is wrapped with the second administrator's credentials and stored. Third copies of the range key encrypting keys are wrapped with a fourth copy of the global admin key and stored. This gives the second administrator privileges similar to the first, and critically requires the first admin to be logged in and actively authenticated during the second admin setup, preventing unauthorized access.

Claim 3

Original Legal Text

3. The method as claimed in claim 2, further comprising: updating credentials of the first administrator, including: based on a third input received by the system, unwrapping the wrapped first copy of the global administrator key and the wrapped first copies of the plurality of range keys, via the first set of credentials associated with the first administrator, to recover the first copy of the global administrator key and the first copies of the plurality of range key encrypting keys; and re-wrapping the first copy of the global administrator key with a second set of credentials associated with the first administrator and storing the re-wrapped first copy of the global administrator key on the drive.

Plain English Translation

The method of claim 2 includes updating an administrator's credentials. Using the first administrator's OLD credentials, the wrapped global admin key and range key encrypting keys are unwrapped, revealing the original global admin key and range key encrypting keys. The global admin key is then re-wrapped (re-encrypted) with the first administrator's NEW credentials and stored, replacing the old wrapped key. This ensures that only the new credentials can unlock the admin key.

Claim 4

Original Legal Text

4. The method as claimed in claim 3, further comprising: allowing the first administrator to access a range of the drive, including: based on a fourth input received by the system, unwrapping the first copy of the global administrator key, via utilization of the second set of credentials associated with the first administrator, to recover the first copy of the range key encrypting key, the range key encrypting key being associated with the range of the drive; unwrapping a wrapped first copy of a range key included in the plurality of wrapped first copies of range keys, via the first copy of the range key encrypting key, the unwrapped first copy of the range key corresponding to the first copy of the range key encrypting key; and programming a data encryption key into hardware registers of the system and accessing the data encryption key using the first copy of the range key encrypting key.

Plain English Translation

The method of claim 3 enables an administrator to access a data range. The global admin key is unwrapped using the administrator's NEW credentials. The corresponding range key encrypting key for the requested data range is retrieved using the global admin key. The wrapped range key (specific to that data range) is then unwrapped using the range key encrypting key. This unwrapped range key becomes a data encryption key, loaded into hardware registers, allowing the administrator to access and decrypt data in that specified range.

Claim 5

Original Legal Text

5. The method as claimed in claim 4, further comprising: establishing access to the system for a second non-administrator user, including: based on a fifth input received by the system, unwrapping the re-wrapped first copy of the global administrator key via the second set of credentials of the first administrator; accessing a subset of the first copies of the plurality of range key encrypting keys via the second set of credentials of the first administrator, the subset including only range key encrypting keys associated with ranges of the drive the second user is authorized to access; randomly generating a second user key; wrapping a first copy of the second user key with the first copy of the global administrator key and storing the wrapped first copy of the second user key on the drive; wrapping a second copy of the second user key with a first set of credentials associated with the second user and storing the wrapped second copy of the second user key on the drive; and wrapping a third copy of the second user key with the subset of first copies of the range key encrypting keys.

Plain English Translation

The method of claim 4 adds a second user. The global admin key is unwrapped using the first administrator's NEW credentials. A subset of the range key encrypting keys is accessed, limited to ranges the second user is permitted to access. A second user key is randomly generated. This second user key is wrapped with the global admin key, the second user's credentials, and the subset of range key encrypting keys. This controls the second user's access to only authorized data ranges, as determined by the administrator.

Claim 6

Original Legal Text

6. The method as claimed in claim 5, further comprising: updating credentials of the second user, including: based on a sixth input received by the system, unwrapping the second copy of the second user key via the first set of credentials associated with the second user; re-wrapping the second copy of the second user key with a second set of credentials associated with the second user; and storing the re-wrapped second copy of the second user key on the drive.

Plain English Translation

The method of claim 5 includes updating a user's credentials. The second user's existing (old) credentials are used to unwrap the user key previously wrapped with those credentials. This unwrapped user key is then re-wrapped with the second user's NEW credentials and stored, replacing the old wrapped key. This process updates the stored user key to use the new credentials for future access.

Claim 7

Original Legal Text

7. The method as claimed in claim 6, further comprising: granting user permissions by the first administrator or the second administrator to the second user for a second user-requested range of the drive, including: based on a seventh input received by the system, unwrapping the first copy of the global administrator key via the second set of credentials associated with the first administrator; accessing a selected range key encrypting key included in the plurality of first copies of range key encrypting keys via the first copy of the global administrator key, the selected range key encrypting key being associated with the second user-requested range of the drive; unwrapping the wrapped first copy of the second user key, via the first copy of the global administrator key; wrapping the selected range key encrypting key with a fourth copy of the second user key and storing the wrapped selected range key encrypting key on the drive.

Plain English Translation

The method of claim 6 allows an administrator (either the first or second) to grant a second user access to a drive range. The global administrator key is unwrapped using the first administrator's credentials. The range key encrypting key for the requested drive range is accessed using the global admin key. The user key of the second user is unwrapped using the global admin key. The selected range key encrypting key is then wrapped with a fourth copy of the second user key and stored.

Claim 8

Original Legal Text

8. The method as claimed in claim 7, further comprising: granting access for the second user to the second user-requested range of the drive, including: based on an eighth input received by the system, unwrapping the re-wrapped second copy of the second user key, via the second set of credentials associated with the second user, to recover the second copy of the second user key; unwrapping the wrapped selected range key encrypting key, via the second copy of the second user key, to recover the selected range key encrypting key; unwrapping a wrapped first copy of a range key included in the plurality of wrapped first copies of range keys, via the selected range key encrypting key, to recover the first copy of the range key, the first copy of the range key corresponding to the requested range of the drive; and programming a data encryption key into hardware registers of the system and accessing the data encryption key using the first copy of the range key encrypting key.

Plain English Translation

The method of claim 7 details granting access for a second user to a requested range. The user's re-wrapped key is unwrapped using their NEW credentials, revealing their user key. The range key encrypting key (wrapped with the user key) is then unwrapped using the user's key, revealing the range key encrypting key. The wrapped range key (specific to the data range) is unwrapped using the range key encrypting key, exposing the range key. This range key is loaded into hardware registers as a data encryption key, granting the user access to the data range.

Claim 9

Original Legal Text

9. The method as claimed in claim 8, further comprising: retracting permissions to the second user-requested range of the drive, including: based on a ninth input received by the system, deleting the re-wrapped selected range key encrypting key.

Plain English Translation

The method of claim 8 includes retracting permissions to a range. The system simply deletes the re-wrapped range key encrypting key (the key wrapped with the user's key) associated with the user and the specific data range. Without this wrapped key, the user cannot decrypt the data in that range, effectively revoking their access.
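Claims 1 through 9 describe one key hierarchy built from a single primitive, wrapping one key under another, and every stored copy exists on the drive only in wrapped form. The Go program below is an added illustration of that hierarchy, not code from the patent or from any product implementing it: `Setup` is claim 1's first-administrator step, `AddUser` its non-administrator step, `Grant` the permission step of claims 1 and 7, `RangeKey` the user's access path of claim 8, and `Revoke` the deletion of claim 9. Everything beyond the claims is an assumption and is labelled in the code: AES-256-GCM stands in for the unspecified wrap algorithm, a SHA-256 hash of the credential stands in for the credential-derived key-encrypting key, and the store entry names (`gak/<admin>`, `rkek/<i>`, `rangekey/<i>`, `userkey-gak/<user>`, `userkey-cred/<user>`, `grant/<user>/<i>`) are this example's own. Second-administrator enrollment and credential rotation (claims 2, 3 and 6) follow the same unwrap-then-rewrap pattern and are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must panics on errors that cannot occur with the fixed 32-byte keys used here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// The claims name no wrap algorithm; AES-256-GCM (random nonce prepended) is assumed so a wrong key fails loudly.
func wrap(kek, key []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(kek))))
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, key, nil)
}

// unwrapChain peels layers in order, each blob unwrapped with the key recovered from the previous one.
func unwrapChain(kek []byte, blobs ...[]byte) ([]byte, error) {
	for _, blob := range blobs {
		g := must(cipher.NewGCM(must(aes.NewCipher(kek))))
		if len(blob) < g.NonceSize() {
			return nil, errors.New("missing or truncated wrapped key") // e.g. no grant stored
		}
		var err error
		if kek, err = g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil); err != nil {
			return nil, err // wrong credential or tampered blob: GCM authentication fails
		}
	}
	return kek, nil
}

// credKey stands in for the claims' "set of credentials"; a real device would use a salted password KDF (PBKDF2, Argon2), not a bare hash.
func credKey(credential string) []byte {
	sum := sha256.Sum256([]byte("credential-kek:" + credential))
	return sum[:]
}

// Drive is the on-drive key store: every entry is a wrapped copy, keyed by what it is and
// what wraps it: gak/<admin> (under the admin credential), rkek/<i> (under the GAK), rangekey/<i>
// (under RKEK i), userkey-gak/<user>, userkey-cred/<user>, grant/<user>/<i> (RKEK i under the user key).
type Drive map[string][]byte

// Setup is claim 1's first-administrator step: random GAK, one random range key and RKEK per range.
func Setup(admin, cred string, nRanges int) Drive {
	gak := randomBytes(32)
	d := Drive{"gak/" + admin: wrap(credKey(cred), gak)}
	for i := 0; i < nRanges; i++ {
		rkek := randomBytes(32)
		d[fmt.Sprintf("rangekey/%d", i)] = wrap(rkek, randomBytes(32))
		d[fmt.Sprintf("rkek/%d", i)] = wrap(gak, rkek)
	}
	return d
}

// AddUser is claim 1's user step: the user key is stored under the GAK (for grants) and under the user's credential (for access).
func (d Drive) AddUser(admin, cred, user, userCred string) error {
	gak, err := unwrapChain(credKey(cred), d["gak/"+admin])
	if err == nil {
		uk := randomBytes(32)
		d["userkey-gak/"+user] = wrap(gak, uk)
		d["userkey-cred/"+user] = wrap(credKey(userCred), uk)
	}
	return err
}

// Grant is the permission step of claims 1 and 7: the admin's GAK recovers RKEK i and the user key; RKEK i is stored again under the user key.
func (d Drive) Grant(admin, cred, user string, i int) error {
	rkek, err := unwrapChain(credKey(cred), d["gak/"+admin], d[fmt.Sprintf("rkek/%d", i)])
	uk, err2 := unwrapChain(credKey(cred), d["gak/"+admin], d["userkey-gak/"+user])
	if err = errors.Join(err, err2); err == nil {
		d[fmt.Sprintf("grant/%s/%d", user, i)] = wrap(uk, rkek)
	}
	return err
}

// RangeKey is claim 8: credential -> user key -> RKEK i -> range key, the value the device would program into its hardware registers.
func (d Drive) RangeKey(user, userCred string, i int) ([]byte, error) {
	return unwrapChain(credKey(userCred), d["userkey-cred/"+user],
		d[fmt.Sprintf("grant/%s/%d", user, i)], d[fmt.Sprintf("rangekey/%d", i)])
}

// Revoke is claim 9: deleting the user's wrapped copy of RKEK i is the whole step.
func (d Drive) Revoke(user string, i int) { delete(d, fmt.Sprintf("grant/%s/%d", user, i)) }
```

The layout makes the claims' security property concrete: the global administrator key, each range key encrypting key and each user key are never stored in the clear, so a wrong credential, an unknown user or a deleted grant all stop inside `unwrapChain` with an error instead of producing a usable key. Two users granted the same range unwrap to the same range key encrypting key and therefore the same range key, which is why claim 9's revocation (deleting one user's wrapped copy) leaves other users' grants intact. The same observation is the caveat a practitioner should note: deleting the wrapped copy does not re-key the range, so a user who had already recovered the range key into hardware registers keeps that access until the range itself is re-keyed, a step these claims do not describe.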

Claim 10

Original Legal Text

10. A non-transitory computer-readable medium having computer-executable instructions for performing a method for key wrapping via a storage system to allow secure access to media of the system by multiple authorities with modifiable permissions, the method comprising: establishing access to the system for a first administrator, wherein establishing access to the system for the first administrator includes: based on a first input received by the system, randomly generating a global administrator key; wrapping a first copy of the global administrator key with a first set of credentials associated with the first administrator to provide a wrapped first copy of the global administrator key; storing the wrapped first copy of the global administrator key in a drive of the system; randomly generating a plurality of range keys, the plurality of range keys being associated with ranges of logical block addresses of the drive; randomly generating a plurality of range key encrypting keys, the plurality of range encrypting keys corresponding to the plurality of range keys; wrapping first copies of the plurality of range keys with first copies of the plurality of range key encrypting keys and storing the wrapped first copies of the plurality of range keys on the drive; and wrapping second copies of the plurality of range key encrypting keys with a second copy of the global administrator key and storing the wrapped second copies of the plurality of range key encrypting keys on the drive; establishing access to the system for a non-administrator user, including: randomly generating a user key, wrapping a first copy of the user key with the first copy of the global administrator key and storing the wrapped first copy of the user key on the drive; wrapping a second copy of the user key with a first set of credentials associated with the user and storing the wrapped second copy of the user key on the drive; and wrapping a third copy of the user key with a subset of the first copies of the range key encrypting keys; and granting user permissions by the first administrator to the user for a user-requested range of the drive, including: unwrapping the first copy of the global administrator key via the first set of credentials associated with the first administrator; accessing a selected range key encrypting key included in the plurality of first copies of range key encrypting keys via the first copy of the global administrator key, the selected range key encrypting key being associated with the user-requested range of the drive; unwrapping the wrapped first copy of the user key, via the first copy of the global administrator key; wrapping the selected range key encrypting key with a fourth copy of the user key and storing the wrapped selected range key encrypting key on the drive.

Plain English Translation

A non-transitory computer-readable medium stores instructions for secure data access, using key wrapping within a storage system to control access by multiple administrators and users with customizable permissions. An administrator logs in, generating a global admin key. This key is wrapped (encrypted) with the administrator's credentials and stored. Range keys are randomly generated for different data blocks. These range keys are then wrapped with randomly generated range key encrypting keys, and both are stored on the drive. The range key encrypting keys are also wrapped with the global admin key. A user logs in, generating a user key, wrapped with the global admin key and stored. It is also wrapped with the user's credentials and a subset of the range key encrypting keys. When the admin grants the user access to a data range, the global admin key is unwrapped using the admin's credentials. The appropriate range key encrypting key (corresponding to the data range) is accessed, the user key is unwrapped using the global admin key, and the range key encrypting key is wrapped with the user key.

Claim 11

Original Legal Text

11. The non-transitory computer-readable medium as claimed in claim 10, the method further comprising: establishing access to the system for a second administrator, wherein establishing access to the system for the second administrator includes: based on a second input received by the system, unwrapping the wrapped first copy of the global administrator key and the wrapped first copies of the plurality of range keys, via the first set of credentials associated with the first administrator, to recover the first copy of the global administrator key and the first copies of the plurality of range key encrypting keys; wrapping a third copy of the global administrator key with a first set of credentials associated with the second administrator and storing the wrapped third copy of the global administrator key on the drive; wrapping third copies of the plurality of range key encrypting keys with a fourth copy of the global administrator key and storing the wrapped third copies of the plurality of range key encrypting keys on the drive, wherein the first administrator is actively authenticated on the system during the step of establishing access to the system for the second administrator.

Plain English Translation

The non-transitory computer-readable medium of claim 10 is extended to include a second administrator. The first admin, logged in and authenticated, unwraps the wrapped global admin key and range key encrypting keys using their credentials. A third copy of the global admin key is wrapped with the second administrator's credentials and stored. Third copies of the range key encrypting keys are wrapped with a fourth copy of the global admin key and stored. This gives the second administrator privileges similar to the first, and critically requires the first admin to be logged in and actively authenticated during the second admin setup, preventing unauthorized access.

Claim 12

Original Legal Text

12. The non-transitory computer-readable medium as claimed in claim 11, the method further comprising: updating credentials of the first administrator, including: based on a third input received by the system, unwrapping the wrapped first copy of the global administrator key and the wrapped first copies of the plurality of range keys, via the first set of credentials associated with the first administrator, to recover the first copy of the global administrator key and the first copies of the plurality of range key encrypting keys; and re-wrapping the first copy of the global administrator key with a second set of credentials associated with the first administrator and storing the re-wrapped first copy of the global administrator key on the drive.

Plain English Translation

The non-transitory computer-readable medium of claim 11 includes instructions for updating an administrator's credentials. Using the first administrator's OLD credentials, the wrapped global admin key and range key encrypting keys are unwrapped, revealing the original global admin key and range key encrypting keys. The global admin key is then re-wrapped (re-encrypted) with the first administrator's NEW credentials and stored, replacing the old wrapped key. This ensures that only the new credentials can unlock the admin key.

Claim 13

Original Legal Text

13. The non-transitory computer-readable medium as claimed in claim 12, the method further comprising: allowing the first administrator to access a range of the drive, including: based on a fourth input received by the system, unwrapping the first copy of the global administrator key, via utilization of the second set of credentials associated with the first administrator, to recover the first copy of the range key encrypting key, the range key encrypting key being associated with the range of the drive; unwrapping a wrapped first copy of a range key included in the plurality of wrapped first copies of range keys, via the first copy of the range key encrypting key, the unwrapped first copy of the range key corresponding to the first copy of the range key encrypting key; and programming a data encryption key into hardware registers of the system and accessing the data encryption key using the first copy of the range key encrypting key.

Plain English Translation

The non-transitory computer-readable medium of claim 12 enables an administrator to access a data range. The global admin key is unwrapped using the administrator's NEW credentials. The corresponding range key encrypting key for the requested data range is retrieved using the global admin key. The wrapped range key (specific to that data range) is then unwrapped using the range key encrypting key. This unwrapped range key becomes a data encryption key, loaded into hardware registers, allowing the administrator to access and decrypt data in that specified range.

Claim 14

Original Legal Text

14. The non-transitory computer-readable medium as claimed in claim 13, the method further comprising: establishing access to the system for a second non-administrator user, including: based on a fifth input received by the system, unwrapping the re-wrapped first copy of the global administrator key via the second set of credentials of the first administrator; accessing a subset of the first copies of the plurality of range key encrypting keys via the second set of credentials of the first administrator, the subset including only range key encrypting keys associated with ranges of the drive the second user is authorized to access; randomly generating a second user key; wrapping a first copy of the second user key with the first copy of the global administrator key and storing the wrapped first copy of the second user key on the drive; wrapping a second copy of the second user key with a first set of credentials associated with the second user and storing the wrapped second copy of the second user key on the drive; and wrapping a third copy of the second user key with the subset of first copies of the range key encrypting keys.

Plain English Translation

The non-transitory computer-readable medium of claim 13 adds instructions for a second user. The global admin key is unwrapped using the first administrator's NEW credentials. A subset of the range key encrypting keys is accessed, limited to ranges the second user is permitted to access. A second user key is randomly generated. This second user key is wrapped with the global admin key, the second user's credentials, and the subset of range key encrypting keys. This controls the second user's access to only authorized data ranges, as determined by the administrator.

Claim 15

Original Legal Text

15. The non-transitory computer-readable medium as claimed in claim 14, the method further comprising: updating credentials of the second user, including: based on a sixth input received by the system, unwrapping the second copy of the second user key via the first set of credentials associated with the second user; re-wrapping the second copy of the second user key with a second set of credentials associated with the second user; and storing the re-wrapped second copy of the second user key on the drive.

Plain English Translation

The non-transitory computer-readable medium of claim 14 includes updating a user's credentials. The second user's existing (old) credentials are used to unwrap the user key previously wrapped with those credentials. This unwrapped user key is then re-wrapped with the second user's NEW credentials and stored, replacing the old wrapped key. This process updates the stored user key to use the new credentials for future access.

Claim 16

Original Legal Text

16. The non-transitory computer-readable medium as claimed in claim 15, the method further comprising: granting user permissions by the first administrator or the second administrator to the second user for a second user-requested range of the drive, including: based on a seventh input received by the system, unwrapping the first copy of the global administrator key via the second set of credentials associated with the first administrator; accessing a selected range key encrypting key included in the plurality of first copies of range key encrypting keys via the first copy of the global administrator key, the selected range key encrypting key being associated with the second user-requested range of the drive; unwrapping the wrapped first copy of the second user key, via the first copy of the global administrator key; wrapping the selected range key encrypting key with a fourth copy of the second user key and storing the wrapped selected range key encrypting key on the drive.

Plain English Translation

The non-transitory computer-readable medium of claim 15 allows an administrator (either the first or second) to grant a second user access to a drive range. The global administrator key is unwrapped using the first administrator's credentials. The range key encrypting key for the requested drive range is accessed using the global admin key. The user key of the second user is unwrapped using the global admin key. The selected range key encrypting key is then wrapped with a fourth copy of the second user key and stored.

Claim 17

Original Legal Text

17. The non-transitory computer-readable medium as claimed in claim 16, the method further comprising: granting access for the second user to the second user-requested range of the drive, including: based on an eighth input received by the system, unwrapping the re-wrapped second copy of the second user key, via the second set of credentials associated with the second user, to recover the second copy of the second user key; unwrapping the wrapped selected range key encrypting key, via the second copy of the second user key, to recover the selected range key encrypting key; unwrapping a wrapped first copy of a range key included in the plurality of wrapped first copies of range keys, via the selected range key encrypting key, to recover the first copy of the range key, the first copy of the range key corresponding to the requested range of the drive; and programming a data encryption key into hardware registers of the system and accessing the data encryption key using the first copy of the range key encrypting key.

Plain English Translation

The non-transitory computer-readable medium of claim 16 details instructions for granting access for a second user to a requested range. The user's re-wrapped key is unwrapped using their NEW credentials, revealing their user key. The range key encrypting key (wrapped with the user key) is then unwrapped using the user's key, revealing the range key encrypting key. The wrapped range key (specific to the data range) is unwrapped using the range key encrypting key, exposing the range key. This range key is loaded into hardware registers as a data encryption key, granting the user access to the data range.

Claim 18

Original Legal Text

18. The non-transitory computer-readable medium as claimed in claim 16, the method further comprising: retracting permissions to the second user-requested range of the drive, including: based on a ninth input received by the system, deleting the re-wrapped selected range key encrypting key.

Plain English Translation

The non-transitory computer-readable medium of claim 16 includes instructions for retracting permissions to a range. The system simply deletes the re-wrapped range key encrypting key (the key wrapped with the user's key) associated with the user and the specific data range. Without this wrapped key, the user cannot decrypt the data in that range, effectively revoking their access.

Claim 19

Original Legal Text

19. A storage system, comprising: a controller, the controller including a processor, a network interface and a memory; a non-volatile memory, the non-volatile memory being connected to the controller; and control programming for performing a method for key wrapping for promoting secure access to media of the storage system by multiple authorities with modifiable permissions, the method including: establishing access to the system for a first administrator, wherein establishing access to the system for the first administrator includes: based on a first input received by the system, randomly generating a global administrator key; wrapping a first copy of the global administrator key with a first set of credentials associated with the first administrator to provide a wrapped first copy of the global administrator key; storing the wrapped first copy of the global administrator key in the non-volatile memory of the system; randomly generating a plurality of range keys, the plurality of range keys being associated with ranges of logical block addresses of the non-volatile memory; randomly generating a plurality of range key encrypting keys, the plurality of range encrypting keys corresponding to the plurality of range keys; wrapping first copies of the plurality of range keys with first copies of the plurality of range key encrypting keys and storing the wrapped first copies of the plurality of range keys in the non-volatile memory; and wrapping second copies of the plurality of range key encrypting keys with a second copy of the global administrator key and storing the wrapped second copies of the plurality of range key encrypting keys in the non-volatile memory; establishing access to the system for a non-administrator user, including: randomly generating a user key, wrapping a first copy of the user key with the first copy of the global administrator key and storing the wrapped first copy of the user key in the non-volatile memory; wrapping a second copy of the user key with a first set of credentials associated with the user and storing the wrapped second copy of the user key in the non-volatile memory; and wrapping a third copy of the user key with a subset of the first copies of the range key encrypting keys; and granting user permissions by the first administrator to the user for a user-requested range of the non-volatile memory, including: unwrapping the first copy of the global administrator key via the first set of credentials associated with the first administrator; accessing a selected range key encrypting key included in the plurality of first copies of range key encrypting keys via the first copy of the global administrator key, the selected range key encrypting key being associated with the user-requested range of the non-volatile memory; unwrapping the wrapped first copy of the user key, via the first copy of the global administrator key; wrapping the selected range key encrypting key with a fourth copy of the user key and storing the wrapped selected range key encrypting key in the non-volatile memory.

Plain English Translation

A storage system includes a controller (processor, network interface, memory) and non-volatile memory. It uses key wrapping to control access to the media for multiple administrators and users. Establishing the first administrator generates a random global admin key, which is wrapped with that administrator's credentials and stored. Random range keys are generated for ranges of logical block addresses, wrapped with range key encrypting keys, and stored; the range key encrypting keys are in turn wrapped with the global admin key and stored. Establishing a user generates a random user key, which is stored in three wrapped forms: under the global admin key, under the user's credentials, and under a subset of the range key encrypting keys. When an admin grants the user access to a range, the admin's credentials unwrap the global admin key, which unwraps both the range key encrypting key for the requested range and the user key; the range key encrypting key is then wrapped with the user key and stored.

Claim 20

Original Legal Text

20. The storage system as claimed in claim 19, wherein the method further includes: establishing access to the system for a second administrator, wherein establishing access to the system for the second administrator includes: based on a second input received by the system, unwrapping the wrapped first copy of the global administrator key and the wrapped first copies of the plurality of range keys, via the first set of credentials associated with the first administrator, to recover the first copy of the global administrator key and the first copies of the plurality of range key encrypting keys; wrapping a third copy of the global administrator key with a first set of credentials associated with the second administrator and storing the wrapped third copy of the global administrator key in the non-volatile memory; wrapping third copies of the plurality of range key encrypting keys with a fourth copy of the global administrator key and storing the wrapped third copies of the plurality of range key encrypting keys in the non-volatile memory, wherein the first administrator is actively authenticated on the system during the step of establishing access to the system for the second administrator.

Plain English Translation

The storage system of claim 19 also supports a second administrator. While the first admin is logged in, their credentials unwrap the stored global admin key and the range key encrypting keys. A third copy of the global admin key is wrapped with the second admin's credentials and stored, and third copies of the range key encrypting keys are wrapped with a fourth copy of the global admin key and stored. The first admin must be actively authenticated throughout the second-admin setup. The result is a second admin with equivalent access, and no way to add one unless a first admin is already authenticated.
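The wrap hierarchy that claims 19 and 20 describe (credentials wrap the global admin key, the global admin key wraps each range key encrypting key, each range key encrypting key wraps its range key, and a grant is a copy of one range key encrypting key rewrapped under the user key) is easiest to follow in code. The Go program below is an added illustration written for this page, not code from the patent or its assignee. It assumes AES-256-GCM as the wrap primitive and a plain SHA-256 of the credential as the credential key; both are stand-ins chosen so the example runs with only the standard library (a production system would use a standardized key wrap and a memory-hard password KDF). The slot names, the `Admin` session type and the omission of the claim's third user-key copy (the one wrapped under a subset of range key encrypting keys) are this example's own simplifications.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Drive map[string][]byte // the non-volatile memory: every key on it is stored wrapped, keyed by slot name
type Admin struct {          // an authenticated administrator session; the unwrapped GAK lives only in memory
	d   Drive
	gak []byte
}

func randomKey() []byte { // 256-bit key from the OS CSPRNG (rand.Read never fails on Go 1.24+)
	k := make([]byte, 32)
	rand.Read(k)
	return k
}

// credKEK: credential -> key-encrypting key. Assumption: a plain hash stands in for a memory-hard password KDF.
func credKEK(cred string) []byte {
	h := sha256.Sum256([]byte("cred-kek|" + cred))
	return h[:]
}

// store wraps key under kek with AES-256-GCM, binding the slot name as associated data, and writes nonce||ciphertext.
func (d Drive) store(kek, key []byte, slot string) {
	block, _ := aes.NewCipher(kek) // keks are always 32 bytes here, so neither constructor can fail
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	d[slot] = g.Seal(nonce, nonce, key, []byte(slot))
}

// load unwraps one slot. A missing slot or a wrong kek both fail, and that failure is the permission check.
func (d Drive) load(kek []byte, slot string) ([]byte, error) {
	block, _ := aes.NewCipher(kek)
	g, _ := cipher.NewGCM(block)
	if blob, n := d[slot], g.NonceSize(); len(blob) >= n {
		return g.Open(nil, blob[:n], blob[n:], []byte(slot))
	}
	return nil, fmt.Errorf("no wrapped key at %q", slot)
}

// Provision (claim 19): GAK wrapped under the first admin's credentials; each range key RK wrapped under its RKEK; each RKEK wrapped under the GAK.
func Provision(d Drive, admin, cred string, numRanges int) {
	gak := randomKey()
	d.store(credKEK(cred), gak, "admin/"+admin+"/gak")
	for i := 0; i < numRanges; i++ {
		rk, rkek := randomKey(), randomKey()
		d.store(rkek, rk, fmt.Sprintf("range/%d/key", i))
		d.store(gak, rkek, fmt.Sprintf("range/%d/kek", i))
	}
}

// Login recovers the GAK from the admin's wrapped copy; wrong credentials simply fail the unwrap.
func Login(d Drive, admin, cred string) (*Admin, error) {
	gak, err := d.load(credKEK(cred), "admin/"+admin+"/gak")
	if err != nil {
		return nil, err
	}
	return &Admin{d, gak}, nil
}

// AddUser: user key UK wrapped once under the GAK (admin copy) and once under the user's credentials.
func (a *Admin) AddUser(user, userCred string) {
	uk := randomKey()
	a.d.store(a.gak, uk, "user/"+user+"/key.admin")
	a.d.store(credKEK(userCred), uk, "user/"+user+"/key.cred")
}

// GrantRange: unwrap the range's RKEK and the user's UK under the GAK, then rewrap the RKEK under the UK.
func (a *Admin) GrantRange(user string, r int) error {
	rkek, err := a.d.load(a.gak, fmt.Sprintf("range/%d/kek", r))
	uk, err2 := a.d.load(a.gak, "user/"+user+"/key.admin")
	if err != nil || err2 != nil {
		return fmt.Errorf("grant to %s failed: %v / %v", user, err, err2)
	}
	a.d.store(uk, rkek, fmt.Sprintf("user/%s/range/%d", user, r))
	return nil
}

// RevokeRange deletes the user's wrapped RKEK copy; no other key on the drive changes.
func (a *Admin) RevokeRange(user string, r int) { delete(a.d, fmt.Sprintf("user/%s/range/%d", user, r)) }
// AddAdmin (claim 20): only an already authenticated admin can wrap a further GAK copy for a new admin.
func (a *Admin) AddAdmin(admin, cred string) { a.d.store(credKEK(cred), a.gak, "admin/"+admin+"/gak") }

// UserRangeKey is the user's own path: credentials -> UK -> RKEK -> RK, with no administrator involved.
func UserRangeKey(d Drive, user, userCred string, r int) ([]byte, error) {
	key, err := credKEK(userCred), error(nil)
	for _, slot := range []string{"user/" + user + "/key.cred", fmt.Sprintf("user/%s/range/%d", user, r), fmt.Sprintf("range/%d/key", r)} {
		if key, err = d.load(key, slot); err != nil {
			return nil, err
		}
	}
	return key, nil
}
```

Three properties of this layout are the ones a reviewer would check for. The drive never holds a plaintext key, so a wrong credential and a missing grant fail the same way (an authentication-tag mismatch or an absent slot) and there is no separate ACL that could be bypassed. The slot name is bound into each wrap as associated data, so a wrapped blob copied into another user's or another range's slot will not unwrap. Revoking a range is a single delete that leaves every other key in place, and adding a second administrator is a single extra wrap of the existing global admin key, which is what lets permissions be modified without rewrapping the media.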

Patent Metadata

Filing Date

Unknown

Publication Date

November 18, 2014

Inventors

Jonathan Henze
Jeffrey L. Williams
Randal Rysavy


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “SYSTEM AND METHOD FOR KEY WRAPPING TO ALLOW SECURE ACCESS TO MEDIA BY MULTIPLE AUTHORITIES WITH MODIFIABLE PERMISSIONS” (8891773). https://patentable.app/patents/8891773

© 2026 Nomic Interactive Technology LLC.
